Skip to main content
Skip table of contents

Create Alarm Lists

Only Global Admins or Restricted Admins with elevated View and Manage privileges can take this action.

The LogRhythm SIEM produces thousands of alarms. Creating an alarm list categorizes the alarms, which makes it easier to find an alarm that requires action.

  1. On the main toolbar, click Deployment Manager.
  2. On the Tools menu, click Monitor, and then click Alarm Viewer.
    The Alarm Viewer Wizard appears.
  3. Select the appropriate radio button for the date range criteria you want.
  4. Select the check boxes of the statuses an alarm must have to be included in the alarm list.
  5. Click Next.
  6. Choose from the following:
    • Include All Alarms. Select this check box to include all of the generated alarms. The alarms listed here are grayed out.
    • Check All. Select this check box to select all of the alarms included in the search.
    • Check All Displayed. Select this check box to select only the displayed alarms.
  7. Click Next.
  8. Select a notification option, and then, if necessary, select the users who were notified about the alarm to further filter the alarm list. The options are as follows:
    • Load Alarms where I was notified. This option only loads alarms for which the current user is notified.
    • Load alarms regardless of who was notified. This option loads all the alarms generated by the Entities to which the user has access. If these alarms are being viewed by a Restricted Administrator, only the alarms generated by the Entities to which the Restricted Administrator has access appear.
    • Load alarms where the people selected below were notified. This option only loads alarms for the selected people who were notified about them.
  9. Click Next.
  10. To refresh the list as it is viewed, select the Update and add new alarms check box.
  11. Configure the Alarm Engine Settings:
    • Maximum query page size. Set the number of alarms to display on a page. The maximum amount is 10,000.
    • Maximum loaded items. Set the number of alarms returned for a query. The maximum amount is 10,000.
    • Query timeout. Set the amount of time, in seconds, that must elapse before a query times out.
  12. Click Next.
    The Alarm Viewer window opens.
  13. Right-click an alarm, and then click Show Alarm/Action Properties to view the Alarm Properties and Alarm SmartResponse tabs.
  14. To change which columns appear in the grid, do the following:
    1. Right-click anywhere in the grid, and then select Grid Properties.
    2. Select or clear the column name check boxes to include or exclude them in the grid. 
      The grid updates as soon as the columns are selected or cleared.
    3. To return to the Alarm list, click Close.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close